1015 Commits

Author	SHA1	Message	Date
Luke Taylor	afaa169e97	SEC-449: Test data ldif file for ApacheDS.	2007-09-10 21:09:59 +00:00
Luke Taylor	0503c3e1ab	SEC-449: Refactoring towards more use of Spring LDAP. Also borrowed the Spring LDAP integration testing setup which is much better and makes use of the full LDAP stack. There were still problems with using Apache DS's CoreContextFactory (e.g. compare operations) so it is an improvement on that front too. Moved spring ldap to 1.2-RC1 version.	2007-09-10 21:09:02 +00:00
Scott Battaglia	f7815e8da2	SEC-520 ... added parameter to determine whether to encode the session id or not and an explanation on when it should/should not be used.	2007-09-10 15:11:56 +00:00
Luke Taylor	e7ede68352	Update ldap test base class to use LdapContext by default.	2007-09-07 20:52:03 +00:00
Luke Taylor	ff1f1d8ef5	SEC-449: Rename internal LdapTemplate class to SpringSecurityLdapTemplate to avoid confusion.	2007-09-07 20:49:38 +00:00
Luke Taylor	f178ca2a39	Updated trunk poms to 2.0-SNAPSHOT version	2007-09-07 20:14:55 +00:00
Luke Taylor	70239a9769	SEC-513: First check in of user management stuff.	2007-09-07 20:01:46 +00:00
Luke Taylor	9b71b5aa00	SEC-449: Mostly changes to aid moving towards compatibility with spring-ldap.	2007-09-07 19:55:45 +00:00
Luke Taylor	8d4b97f685	Updated poms post-release 1.0.5	2007-09-06 02:52:09 +00:00
Luke Taylor	c8b6111418	Release 1.0.5.	2007-09-06 01:52:53 +00:00
Luke Taylor	3de8745494	Commented out (another) failing captcha test whose behaviour varies with speed of the build server (makes assumptions about the interval within which certain lines of code are executed).	2007-09-04 01:06:58 +00:00
Luke Taylor	6289503643	Commented out failing captcha test whose behaviour varies with speed of the build server (makes assumptions about the interval within which certain lines of code are executed).	2007-09-03 23:33:13 +00:00
Luke Taylor	34527c3305	Changed spring version to 1.2.9 and modified dependencies to get build to work with this version. Corrected some javadoc links.	2007-09-03 15:47:39 +00:00
Luke Taylor	15ee5b2364	SEC-540,SEC-541: Changes for maven 2 site generation and use of docbkx.	2007-09-02 13:22:24 +00:00
Luke Taylor	4e452046ec	Comment out System.out.println	2007-09-01 14:59:41 +00:00
Ray Krueger	edd7bbeceb	Removed repeated downcasting of ServletRequest and ServletResponse	2007-09-01 14:43:09 +00:00
Luke Taylor	b2799985f2	SEC-398: Added patch which uses response wrapper to set context in session on redirect or error.	2007-08-31 20:39:33 +00:00
Luke Taylor	219b865c01	SEC-544: Added German localization messages from Andreas Senft.	2007-08-31 12:15:13 +00:00
Luke Taylor	c021bf4682	SEC-542: Made SessionInformation serializable. Also remove unused default constructor.	2007-08-30 21:38:07 +00:00
Luke Taylor	0adf0d6f1c	SEC-529: Added French translation of messages from Laurent Pireyn	2007-08-30 21:27:49 +00:00
Luke Taylor	bc411c7c3b	SEC-457: Added Czech translation of messages from Jan Novotný	2007-08-30 21:20:19 +00:00
Luke Taylor	ea61964f56	SEC-483: Fix. Make getGroupSearchBase protected.	2007-08-30 21:15:14 +00:00
Luke Taylor	0c4916ee98	SEC-427: Fix. Added NullAuthoritiesPopulator and extra constructor.	2007-08-30 21:12:16 +00:00
Luke Taylor	301626fd6e	SEC-346: Fix. Added suggested change. Also some minor tidying up of comments etc.	2007-08-30 20:55:49 +00:00
Luke Taylor	2e8d16c538	SEC-484: Multithreaded tests for SessionRegistryImpl.	2007-08-30 19:26:24 +00:00
Luke Taylor	ad43d433b4	SEC-484: Fix for NPE concurreny issue. Also reinstated synchronized on registerNewSession (had removed it for testing).	2007-08-30 19:04:18 +00:00
Luke Taylor	aa4ee54f86	Added logging to SessionRegistryImpl.	2007-08-30 18:22:40 +00:00
Luke Taylor	7fcdd4a6ff	More tidying...	2007-08-30 11:31:36 +00:00
Luke Taylor	510cd5050f	Tidied up SessionRegistryImpl and rolled back reformatting of its test class to incorrect width.	2007-08-30 11:21:28 +00:00
Luke Taylor	5f993e5627	SEC-534: Refactored JaasAuthenticationProvider to use ApplicationPublisherAware rather than ApplicationContextAware.	2007-08-29 11:51:02 +00:00
Luke Taylor	1467527c0a	SEC-538: Deleted maven 1 files.	2007-08-29 11:00:28 +00:00
Luke Taylor	5b7ed79b6a	SEC-539: Reformatted "divider" comments (//~ Methods=== etc). Simplified boolean expression in afterPropertiesSet.	2007-08-28 23:19:06 +00:00
Luke Taylor	d7cef1ba31	SEC-539: Moved SecurityContextHolder.setContext() call into the try {} block to emphasize that it is only set for the duration of chain.doFilter() and immediately cleared afterwards. Changed the debug messages about setting the context, since it has not strictly taken place when they are logged.	2007-08-28 23:11:58 +00:00
Luke Taylor	47c5a6d43f	SEC-539: Renamed extractSecurityContextFromSession to readSecurityContextFromSession to emphasize that it doesn't actually modify anything (the context is still stored in the session).	2007-08-28 22:43:13 +00:00
Luke Taylor	f7a6129657	SEC-539: Removed unnecessary check for a null request object. Removed unnecessary catch/rethrow of IOException and ServletException from try/finally around chain.doFilter.	2007-08-28 22:40:56 +00:00
Luke Taylor	d1be9f9980	SEC-539: Refactored so that SecurityContextHolder.setContext() is called in exactly one place. Moved setting of httpSession = null to point immediately after its last use.	2007-08-28 22:38:55 +00:00
Luke Taylor	3dd0716611	SEC-539: Altered storeSecurityContextInSession to take the SecurityContext as a parameter rather than calling SecurityContextHolder.getContext(). This allows SecurityContextHolder.clearContext() to be called immediately after reading the context in the finally block of doFilter().	2007-08-28 21:58:30 +00:00
Luke Taylor	fa63d8ecfb	SEC-539: Refactored if (httpSession == null) block in storeSecurityContextInSession()	2007-08-28 21:25:17 +00:00
Luke Taylor	ce3eb599ed	SEC-539: Renamed populateSecurityContextFromSession to extractSecurityContextFromSession and removed the side-effect of setting SecurityContextHolder. It now returns the context found in the session (or null) and SecurityContextHolder.setContext() is called in a single place in doFilter().	2007-08-28 21:11:48 +00:00
Luke Taylor	ba88214d1d	SEC-539: Refactored populateSecurityContextFromSession() to reduce nested blocks and clarify logic.	2007-08-28 20:16:19 +00:00
Luke Taylor	27ef2caf45	SEC-539: Removed filterApplied boolean.	2007-08-28 19:56:33 +00:00
Luke Taylor	e8d11f28f2	SEC-539: Extracted storeSecurityContextInSession() method.	2007-08-28 19:54:24 +00:00
Luke Taylor	bcf69cbe3d	SEC-539: Extracted populateSecurityContextFromSession() method.	2007-08-28 19:16:37 +00:00
Luke Taylor	6651a240de	Replaced massive if/else with guard clause to reduce nesting. Moved declaration of filterApplied boolean to where it is actually set. It is only used when removing the attribute from the request at the end of the invocation, so should probably not be needed at all. request.removeAttribute() can be called regardless of whether the attribute is set or not.	2007-08-28 18:26:04 +00:00
Luke Taylor	6fe00b3433	SEC-501: Fix. Convert secure url paths to lower case if convertUrlToLowercaseBeforeComparison is true. ... Also removed unnecessary assertions from PathBasedFilterDefinitionMapTests.	2007-08-28 16:53:05 +00:00
Luke Taylor	4ba77fa736	SEC-450: Added group subtree to LDAP test server and extra tests for DefaultLdapAuthoritiesPopulator to make sure searchSubtree parameter works as expected.	2007-08-28 15:26:59 +00:00
Luke Taylor	e189bc685f	SEC-408: Fix. Provide getter for filterProcessesUrl.	2007-08-28 11:37:05 +00:00
Luke Taylor	c8077c5e87	SEC-506: Fix as suggested by reporter. Split the disgest header string ignoring separating commas which occur between quotes.	2007-08-28 00:31:30 +00:00
Luke Taylor	3f123e1478	SEC-518: Fix. "Cache" in EhCache is a class, so change the APIs to use the interface it implements (Ehcache).	2007-08-27 23:41:59 +00:00
Luke Taylor	87d6b8dedd	SEC-412: Fix. Added extra constructor to UsernameNotFoundException allow use of extraInformation property of parent class.	2007-08-27 23:22:48 +00:00